Blackphone

Would You Spring For An Encrypted Smartphone?

With the endless revelations about the National Security Agency's surveillance activities and many recent security breaches of various apps and operating systems, it's no wonder consumers are starting to consider security as one of the foremost features they want when investing in a new phone.

A new phone called the "Blackphone" created by U.S. encryption firm Silent Circle and Spanish headset company, Geeksphone is hoping to corner this market as "the world's first smartphone to put privacy and control ahead of everything else."

The phone, which made its debut today at the Mobile World Congress in Barcelona, is designed to function and look like phones already familiar to consumers, but is carrier and vendor independent allowing for encrypted calls and text messages, and secure file sharing and web browsing. Both the sender and recipient must have the Silent Circle encryption app installed in order to decode the message or talk privately. With these capabilities, some are worried that the Blackphone will become the preferred mode of communication for drug dealers and the mob.

Silent Circle was co-founded by renowned cryptographer, Phil Zimmerman in 2012. Zimmerman is the creator of a widely-used email encryption software called Pretty Good Privacy (PGP). Judging by the criticism being launched at the Blackphone, that's exactly the type of security it offers, "pretty good," but by no means perfect.

In an email interview with the CBC, chief product officer for Blackphone, Toby Weir-Jones responded to claims that the Blackphone is "NSA-proof," saying, "the media coined that idea early on after our January 15 release, but we've not only never said it, but actively refuted it."

Zimmerman's reputation as a talented cryptographer gives the phone clout, however, security researchers know all to well that mistakes still happen and one little bug in the coding, found by the right (or wrong) person can be maliciously exploited. Take the recent bug in iOS 7.0.5 for example, which reportedly left information coming transmitted to your phone from Gmail, Facebook and banking websites, to name a few, completely vulnerable to third-party attacks.

In this CBC article on the Blackphone, assistant professor at the Concordia Institute for Information Systems Engineering in Montreal, Mohammad Mannan, pointed out that the phone has no way of encrypting metadata — the data about the content being transmitted, rather than the content itself. Metadata includes information about the date, time and location of the sent content and clues to the identity of the sender and receiver, which can be used to piece together the information needed to breach privacy.

With that being said, this is not the first encrypted smartphone to launch or attempt to launch. Crowdfunding campaigns for various encrypted smartphones in the past have failed, leading security researchers and anti-virus firms to believe that for the average consumer, the demand for near "NSA-proof" security is just not there.

Furthermore, although the average consumer may read, share and talk about all the various security threats reported on in the media, the general attitude seems somewhat similar to that of the threat of cancer. Every year we find out that a dozen more things have the potential to give us cancer and although we may try to make adjustments here and there, it seems as though the cracks are impossible to fill. Combined with constantly changing conclusions on the level of risk any given entity holds, most of us are not throwing out our laptops, cellphones and microwaves upon hearing that they could pose a threat. The cracks in security design seem similarly impossible to fill. Thus, the average consumer is likely to accept the risk of using a regular smartphone, making small adjustments like not using their mobile browser for banking or not sending sensitive information via text message or email rather than springing for an encrypted smartphone.

For the majority of us, the bulk of our information other than that which pertains to money or banking, is not all that interesting. Unless hackers suddenly become very interested in the mundane dealings of common people (perhaps one who is of a literary bent?), the average person will probably not go through the hassle of setting up a Blackphone network amongst their friends and colleagues.